First NESSOS Industry Seminar Print

Call for Participation

Secure service engineering:
from best practices to scientific excellence (and vice versa)

Date: 28th October 2011
ServiceWave 2011, Poznan (Poland)

The domain of Engineering Secure Software Services covers a collection of engineering activities that aim for the creation of software services – i.e. ICT services delivered through the deployment of software systems- that are both behaviorally correct (typically guided by software engineering principles) as well as secure. The specific engineering activities range from requirements engineering and analysis, over the creation of architectures, high-level and detailed design into implementation through the reuse and composition of existing artifacts, as well as through the programming of new entities, typically components and services.

In practice, industry is often faced with cost and time constraints, which leads to implementation of “best efforts” or “reasonable” security. However, security challenges are continuously evolving and the complex nature of the Future Internet is stressing the importance of comprehensive and systematic approach to secure software and service engineering. There is a demand for a set of new engineering methodologies, tools and techniques as well as methods to provide justifiable evidence and assurance for security while  retaining in mind the constraints related to  effectiveness and cost-efficiency.. There is, however, a possibility for exploiting synergies of advanced research approaches with industrial best practices in order to reduce the gap between theory and practice, and to pave the way for the future  secure software and service engineering.

In the framework of NESSOS project, we are planning to organize a series of workshops on secure software engineering focused on this interplay between industry and academy. The First NESSOS industry seminar, collocated with ServiceWave 2011, is organized not only with the purpose to introduce the project to the industrial community, but also to collect and analyze industry best practices, current needs and upcoming challenges. Prior to this industry part, scientific community representatives from NESSOS will introduce project and state of the art.

This workshop therefore intends to allow more structured interaction between  industrial and scientific  stakeholders in the field of secure engineering of software and services. For this reason, it is planned to invite the most relevant industry actors to present their best practices from diverse application areas in order to analyze several perspectives. It is expected to identify future key challenges to address in the field, in particular in the context of the evolution towards the Future Internet, as well as directions for scientific community which should align future research with the industrial needs.

On the other hand, this workshop will also support the spreading of the academic research excellence in software engineering to the industrial stakeholders. This will, as well, contribute to increase the trustworthiness of the Future Internet core platform and services and will help to raise the awareness about the importance of taking security requirements into account from the very early stage of design. The principle of addressing security issues from the very beginning is contributing to reduce system and service vulnerabilities, improve the necessary assurance level, thereby considering risk and cost issues during development in order to prioritize investments.

Finally, this workshop aims to identify trends that create market opportunities, both technical and economic, and to create exploitation opportunities.

As output of this industry seminar, a report will be published with a twofold objective: it will not only serve as a communication tool to transfer knowledge, but it will also provide useful feedback to quantify the effectiveness of the seminar in relation to its objectives and take measures for future events. In addition, this seminar results will be integrated in the NESSOS public repository to grant it more visibility.

This is the first seminar out of the three to be organized by NESSOS and its estimated duration is half a day.


Agenda (preliminary)

9:00 – Introduction - A.Pasic (AtoS)

9:10-9:30 Nessos Project  overview - F. Martinelli (CNR)

9:30 -10:15 From Secure Software Engineering to Secure Service Engineering – Gary McGraw (Cigital/BSIMM)

10:15-10:30 Coffee break

10:30 -11:00 Challenges of secure service engineering – J. Cuellar (Siemens)

11:00-11:20 Generic enablers for security of Future Internet Services – P. Bisson (Thales)

11:20-11:40 Service engineering and assurance in clouds – T. Dimitrakos (BT)

11:40-12:50 Panel

-        Aljosa Pasic (ATOS) - Moderator

-        Valerie Issarny (INRIA)

-        Mass Lund (Sintef)

-        Domenico Rotondi (TXT)

12:50-13:00 wrap up